Operating system independent agent

ABSTRACT

Described is a computing platform comprising a host processing system to host an operating system, a communication adapter to transmit data to or receive data from a data transmission medium, and a non-volatile storage. The computing platform may also comprise an agent executable independently of the operating system to enable read-only or read/write access to at least a portion of the non-volatile storage.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of now pending U.S. patent application Ser. No. 10/937,755, entitled “Operating System Independent Agent” filed on Sep. 8, 2004 which is incorporated by reference herein in its entirety.

BACKGROUND

1. Field

The subject matter disclosed herein relates to systems for use in managing computing assets. In particular, the subject matter disclosed herein relates to the use of processes capable of executing on a computing platform independently of an operating system hosted on the computing platform.

2. Information

Enterprises typically deploy computer assets that are coupled by data links in local area networks (LANs) and wide area networks (WANs). These computer assets typically host a software build which includes an operating system and one or more application programs such as word processing programs, electronic mail programs and spreadsheet programs. To manage these computer assets, an enterprise typically employs asset management applications that can determine hardware or software configuration information and maintain up-to-date inventory of the computer assets. The enterprise may also employ network security applications to enable discovery and patching of security vulnerabilities, and operating system recovery tools to recover system configurations in the event of a system crash.

BRIEF DESCRIPTION OF THE FIGURES

Non-limiting and non-exhaustive embodiments of the present invention will be described with reference to the following figures, wherein like reference numerals refer to like parts throughout the various figures unless otherwise specified.

FIG. 1A shows a computing platform according to an embodiment of the present invention.

FIG. 1B shows a network topology including a computing platform according to an embodiment of the computing platform shown in FIG. 1A employed in an enterprise information technology environment.

FIG. 1C shows a network topology including a computing platform according to an embodiment of the computing platform shown in FIG. 1A employed in a service network.

FIG. 2 shows aspects of a computing platform hosting an operating system independent agent according to an embodiment of the computing platform shown in FIG. 1.

FIG. 3 illustrates interactions between an operating system independent agent and application programs according to an embodiment of the operating system independent agent shown in FIG. 2.

FIG. 4 shows a flow diagram illustrating a process of allocating rights to access a portion of a non-volatile storage according to an embodiment of the storage manager shown in FIG. 3.

FIG. 5 shows according to an embodiment of processes interacting with a storage manager according to an embodiment of the computing platform shown in FIG. 2.

DETAILED DESCRIPTION

Reference throughout this specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrase “in one embodiment” or “an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in one or more embodiments.

“Machine-readable” instructions as referred to herein relates to expressions which may be understood by one or more machines for performing one or more logical operations. For example, machine-readable instructions may comprise instructions which are interpretable by a processor compiler for executing one or more operations on one or more data objects. However, this is merely an example of machine-readable instructions and embodiments of the present invention are not limited in this respect.

A “storage medium” as referred to herein relates to media capable of maintaining expressions which are perceivable by one or more machines. For example, a storage medium may comprise one or more storage devices for storing machine-readable instructions or data. Such storage devices may comprise storage media such as, for example, optical, magnetic or semiconductor storage media. However, these are merely examples of a storage medium and embodiments of the present invention are not limited in these respects.

A “non-volatile storage” as referred to herein relates to a storage medium capable of maintaining expressions of information when power is removed from the storage medium. Such a non-volatile storage may comprise storage media such as, for example, writable optical media, magnetic media (e.g., hard disk memory) or semiconductor media (e.g., flash memory). However, these are merely examples of a non-volatile storage and embodiments of the present invention are not limited in this respect. Devices communicating with a non-volatile storage may be capable of having “read access” to a portion of the non-volatile storage to retrieve information or having “write access” to store information in a portion of the non-volatile storage.

“Logic” as referred to herein relates to structure for performing one or more logical operations. For example, logic may comprise circuitry which provides one or more output signals based upon one or more input signals. Such circuitry may comprise a finite state machine which receives a digital input and provides a digital output, or circuitry which provides one or more analog output signals in response to one or more analog input signals. Such circuitry may be provided in an application specific integrated circuit (ASIC) or field programmable gate array (FPGA). Also, logic may comprise machine-readable instructions stored in a storage medium in combination with processing circuitry to execute such machine-readable instructions. However, these are merely examples of structures which may provide logic and embodiments of the present invention are not limited in this respect.

A “processing system” as discussed herein relates to a combination of hardware and software resources for accomplishing computational tasks. For example, a processing system may comprise a system memory and processing circuitry (e.g., a central processing unit (CPU) or microcontroller) to execute machine-readable instructions for processing data according to a predefined instruction set. However, this is merely an example of a processing system and embodiments of the present invention are not limited in this respect. A “host processing system” as referred to herein relates to a processing system which may be adapted to communicate with a “peripheral device.” For example, a peripheral device may provide inputs to or receive outputs from an application process hosted on the host processing system. However, these are merely examples of a host processing system and a peripheral device, and embodiments of the present invention are not limited in this respect.

An “application program” as referred to herein relates to one or more procedures that may be executed according to machine-readable instructions to complete one or more tasks. Such an application program may be designed to provide a result according to predefined user requirements. Application programs may include, for example, electronic spreadsheets, word processing programs, asset management programs and agents, system management programs and agents, user interfaces and communication related application programs. However, these are merely examples of application programs and embodiments of the present invention are not limited in these respects.

An “operating system” as referred to herein relates to one or more executable procedures for facilitating communication between application programs and processing resources of a processing system. Such an operating system may allocate processing resources to application programs and provide an application programming interface (API) comprising callable software procedures for execution on the processing resources in support of application programs. However, these are merely examples of an operating system and embodiments of the present invention are not limited in these respects.

An “agent” as referred to herein relates to a process associated with a processing system to execute one or more defined tasks. Such tasks may include, for example, gathering information, detecting events or conditions associated with the processing system, executing procedures in response to detection of an event or condition, or enabling secure access to one or more portions of a computing platform. An agent may be hosted on a computing platform in association with a first node on a data network such that the agent may communicate through the data network with a process hosted in association with a second node on the data network. However, these are merely examples of an agent and embodiments of the present invention are not limited in these respects.

A “data transmission medium” as referred to herein relates to any media suitable for transmitting data. A data transmission medium may include any one of several mediums including, for example, transmission cabling (e.g., coaxial, twisted wire pair or fiber optic cabling), wireless transmission media or power lines. However, these are merely examples of a data transmission medium and embodiments of the present invention are not limited in this respect.

A “communication adapter” as referred to herein relates to a device which may be coupled to a data transmission medium to transmit data to or receive data from other devices coupled to the data transmission medium. For example, a communication adapter may comprise a network adapter designed to transmit data to or receive data from devices coupled to a network such as a local area network. Such a network adapter may communicate with the other devices according to any one of several data communication formats such as, for example, communication formats according to versions of IEEE Std. 802.3, IEEE Std. 802.11, IEEE Std. 802.16, Universal Serial Bus, Firewire, asynchronous transfer mode (ATM), synchronous optical network (SONET) or synchronous digital hierarchy (SDH) standards. In alternative embodiments, a communication adapter may comprise any one of other I/O devices such as, for example, an adapter to a data storage system. However, these are merely examples of a communication adapter and embodiments of the present invention are not limited in these respects.

Briefly, an embodiment of the present invention relates to a computing platform comprising a host processing system for hosting an operating system, a communication adapter for transmitting data to or receiving data from a data transmission medium, and a non-volatile storage. The computing platform may also comprise an agent executable independently of the operating system which enables read access or write access to at least a portion of the non-volatile storage by an external process in response to requests. However, this is merely an example embodiment of the present invention and other embodiments are not limited in these respects.

FIG. 1A shows a computing platform 10 comprising a CPU 12, a system memory 16 and core logic 14 to enable communication among devices in the computing platform 10. The CPU 12 may comprise any one of several general processors such as, for example, versions of the Pentium®, Celeron®, Xeon®, Itanium® or XScale® CPUs sold by Intel Corporation. However, these are merely examples of a CPU and embodiments of the present invention are not limited in these respects. The core logic 14 may comprise any one of several devices (e.g., a memory controller hub (MCH) and/or I/O control hub (ICH) products sold by Intel Corporation) for controlling communication among devices in a computing platform. However, these are merely examples of devices which are capable of providing core logic to a computing platform and embodiments of the present invention are not limited in these respects. The system memory 16 may comprise one or more random access memory (RAM) devices such as dynamic RAM (DRAM), synchronous DRAM (SDRAM), Rambus DRAM (RDRAM) or dual-rate DRAM (DDR). However, these are merely examples of memory devices that may be used to provide a system memory and embodiments of the present invention are not limited in these respects.

The computing platform 10 may also comprise a communication adapter 20 that is capable of transmitting data to or receiving data from a data transmission medium (e.g., wireless transmission medium, or coaxial, fiber optic or unshielded twisted wire pair cabling) according to any one of several data transmission protocols (e.g., versions of Fibre channel, IEEE Std. 802.3, IEEE Std. 802.11, IEEE Std. 802.16, Synchronous Optical NETwork/Synchronous Digital Hierarchy (SONET/SDH), Universal Serial Bus or Firewire). The communication adapter 20 may be coupled to the core logic 14 by a multiplexed data bus 22 such as a peripheral components interconnect (PCI) data bus. The core logic 14 may arbitrate read and write access transactions to the system memory 16 among other entities in the computing platform 10 such as the CPU 12 and the communication adapter 20. For example, the core logic 14 may enable byte, word or page addressable memory transactions, or direct memory access (DMA) transactions between the system memory 16 and other entities in the computing platform 10.

The computing platform 10 may comprise a non-volatile storage (NVS) 18 which is capable of storing information in addressable locations when power is removed from the computing platform 10. The NVS 18 may comprise any one of several types of non-volatile memory devices such as, for example, flash memory devices, polymer memory devices, magnetic memory devices or optical memory devices. According to an embodiment, the NVS 18 may be read or write accessible by entities or processes hosted or executed on the CPU 12, or entities or processes communicating with the computing platform 10 through the communication adapter 20. In an alternative embodiment, the communication adapter 20 may contain an embedded non-volatile memory (not shown) that is accessible by application programs.

According to an embodiment, the CPU 12 and system memory 16 may host an operating system and application programs which are executable under the control of the operating system. The application programs may be constructed to interact with an API defined by the operating system. In addition to processes and application programs under the control of the operating system, other processes may be maintained and executed independently of the operating system hosted on computing platform 10. The operating system independent processes may access portions of a non-volatile storage (e.g., NVS 18 or other non-volatile storage device (not shown) embedded in the communication adapter 20) regardless of the state of the operating system (e.g., running, in a reduced power state or disabled due to system crash). Such access by operating system independent processes may entail accessing the non-volatile storage to determine hardware or software configuration information independently of whether the operating system is running. A network security application may access the non-volatile storage to discover and patch security vulnerabilities. Operating system recovery tools may access the non-volatile storage to access hardware or software configuration information to restore applications in the event of an operating system crash.

The computing platform 10 may comprise a power management system including one or more processes hosted on the CPU 12 and system memory 16 to communicate with one or more subsystems of the computing platform 10. For example, the power management system may place the subsystems in a reduced power state in response to detecting one or more events or conditions. The power management system may cause the subsystems to subsequently resume to a full power state in response to other events. The power management system may be formed according to the Advanced Configuration and Power Interface (ACPI) as illustrated in the ACPI Specification, Rev. 1.0b, February 2, 1999 (hereinafter the “ACPI Specification”). However, this is merely an example of a power management system used in conjunction with a computing platform and embodiments of the present invention are not limited in these respects.

According to an embodiment, a process under the control of the operating system or remotely executing and communicating with the computing platform 10 through the communication adapter 20 may be provided write or read access rights to portions of the non-volatile storage. For example, such a process may store or retrieve hardware or software configuration information as part of an asset management application, network security application or operating system recovery tool.

According to an embodiment, the communication adapter 20 may communicate with an external node 26 over a data transmission medium 24. The external node 26 may host processes that are capable of interacting with application programs hosted on the CPU 12 or other processes hosted on the computing platform 10. Also, by sending commands to the communication adapter 20, the external node may have read or write access to a portion of the non-volatile storage.

FIG. 1B shows one use of the computing platform 10 in an enterprise information technology environment. A router 34 may route data packets among a computing platform 32 (formed according to an embodiment of the computing platform 10), peer computing platforms 36 and a server 38. Accordingly, a peer computing platform 36 or server 38 may communicate with an operating system independent agent hosted on the computing platform 32 through a communication adapter to store or retrieve information from a non-volatile storage.

FIG. 1C shows an alternative use of the computing platform 10 as any one of a plurality of subscriber platforms 42 in a service network topology 40. According to an embodiment, a distribution node 44 may provide voice, data or video services as part of an end-to-end infrastructure for providing services (e.g., ATM services) to the subscriber platforms 42. The distribution node 44 may be coupled to a service network by a high speed data link 47 capable of transmitting data packets (such as a Synchronous Optical NETwork (SONET) link capable of transmitting interleaved ATM cells or IP packets in SONET frames) to support one or more services (e.g., voice data, video data or Internet data). However, this is merely an example of how a distribution node may be coupled to a service network and embodiments of the present invention are not limited in these respects.

For providing the services to subscriber platforms 42, the distribution node 44 may comprise equipment to communicate with network elements downstream of the distribution node 44 such as, for example, a DSLAM, cable modem termination system (CMTS) or a wireless transmission base station (not shown). A subscriber platform 42 (e.g., personal computer, set-top box, hand held wireless device, broadband modem, etc.) may be coupled to the distribution node 44 by any one of several types of data links 45 capable of transmitting data to provide services to the subscriber platforms 42 such as, for example, DSL links, wireless links, coaxial cabling or Ethernet over unshielded twisted wire pair. In other embodiments, a subscriber platform may comprise additional telephony equipment (e.g., private branch exchange system) coupled to multiple devices for receiving ATM services. However, these are merely examples of how a subscriber platform may be coupled to a distribution node and embodiments of the present invention are not limited in these respects. According to an embodiment, entities coupled to the service network 46 may communicate with an operating system independent agent hosted on any of the subscriber platforms 42 through a communication adapter to store or retrieve information from a non-volatile storage maintained in the subscriber platform 42.

FIG. 2 shows aspects of a computing platform 100 hosting an operating system independent agent 116 according to an embodiment of the computing platform 10 shown in FIG. 1. A CPU 112 may execute instructions of an operating system (OS) 118 to manage computing resources. The OS 118 may comprise any one of several commercially available versions of Windows® sold by Microsoft Corp., Solaris® sold by Sun Microsystems or operating systems sold by WindRiver. Alternatively, the OS 118 may comprise any one of several versions of open source Linux operating systems. However, these are merely examples of operating systems that may be hosted on a computing platform and embodiments of the present invention are not limited in these respects. Among other things, the OS 118 may control the execution of processes on the CPU 112 such as an application program 120 and access driver 122.

According to an embodiment, an OS independent agent 116 may control read and/or write access to one or more portions of a non-volatile storage 128 by either processes executed in the domain of the OS 118 or by processes executed independently of the OS 118. The features of the OS independent agent 116 may be embodied in machine-readable instructions stored in a storage medium which may be executed independently of the OS 118. In one embodiment, the CPU 112 may support multi-threaded processing (e.g., using multi-threading on a single processing core or multi-threading on multiple processing cores) and the OS independent agent 116 may be executed on a processing thread of the CPU 112 independently of a different processing thread which is executing the OS 118 and other processes in the domain of the OS 118. Alternatively, the OS independent agent 116 may be executed independently of the CPU 112 on a microprocessor or microcontroller (not shown), such as a MIPS or ARM processing core, which is embedded in the communication adapter 20 (FIG. 1). However, these are merely examples of how an agent may be hosted on a computing platform independently of an operating system and embodiments of the present invention are not limited in these respects.

According to an embodiment, the OS independent agent 116 may comprise a storage manager 124 to control allocation of portions of the non-volatile storage 128 to application programs or other processes according to allocation control data (ACD) 126. The non-volatile storage 128 may comprise one or more non-volatile memory devices (e.g., flash memory devices) that maintain firmware for a platform basic input/output system (BIOS) or private data storage. The OS independent agent 116 may control all allocation and read and write access to at least a predetermined physical portion of the non-volatile storage 128 (either contiguous or non-contiguous) which is available for allocation for use by instances of application programs or other processes. In one embodiment, the ACD 126 may comprise one or more data structures residing in a dedicated portion of the non-volatile storage 128 that is accessible through the OS independent agent 116 to the exclusion of other processes. Particular instances of an application program or other process may request an allocation of a portion of the dedicated portion of the non-volatile storage 128. For each instance of an application program, the ACD 126 may maintain a record associated with the instance including an identifier, size of total allocation available to the instance and size of current allocation to the instance. In one embodiment, the identifier in the record may be based upon a Universally Unique Identifier (UUID) according to A UUID URN Namespace, Internet Draft, published by the Internet Engineering Task Force (IETF), January 2004. As more than one instance of an application program may exist at any particular time, a record in the ACD 126 may be associated with a particular instance of an application program to receive an allocation of the non-volatile storage 128. A corresponding handle or identifier may uniquely distinguish a record in the ACD 126 for a particular instance of an application program from different instances of the same application program and instances of other application programs.

The storage manager 124 may allocate additional portions of the non-volatile storage 128 to a requesting application program or process up to a maximum size according to the record in the ACD 226 associated with the requesting application program or process. In one alternative embodiment, ACD 226 may indicate a maximum allocation size for all application programs or processes having a cumulative potential total memory allocation that exceeds the storage available on the dedicated portion of the non-volatile storage 128. It should be noted, however, that not all applications or processes may request an allocation of the non-volatile storage 128 as specified in the records of the ACD 226.

A manufacturer that assembles the components of the computing platform 100 may be different from a software vendor that develops and provides the application programs that are to be hosted on the computing platform 100. Nevertheless, these parties may agree (e.g., by contractual arrangement) that the storage manager 124 is to maintain “partner” entries in the ACD 226 corresponding with application programs developed by the software vendor. These partner entries may be distinguished from other “non-partner” records in the ACD 126 that correspond with application programs or processes that are not provided by a software vendor having such an arrangement with the manufacturer. Such non-partner processes or application programs may include processes or application programs from vendors that do not have a contractual relationship with the vendor of the storage manager 124. In one embodiment, the manufacturer may pre-load entries in the ACD 126 associated with partner processes or application programs when the computing platform 100 is manufactured. Entries in the ACD 126 associated with non-partner processes or application programs may be added to the ACD 126 after the computing platform 100 is deployed. Entries associated with non-partner processes or application programs may be subsequently created by, for example, application programs executing on the computing platform 100 or a remote process communicating with the computing platform 100 via the communication adapter 20, having first registered with the OS independent agent 116 as described below. Such creation of non-partner entries may be performed by a system management application under the control of a system manager in an enterprise information technology environment.

According to an embodiment, the storage manager 124 may implement different policies for allocation of the dedicated portion of non-volatile storage 128 based upon whether an allocation request is received from an instance of either a partner or non-partner application program. For example, the storage manager 124 may reserve a portion of the non-volatile storage 128 for allocation exclusively to instances of partner application programs. The storage manager 124 may then reserve the remaining portion of the non-volatile storage 128 to instances of either partner application programs or non-partner application programs.

According to an embodiment, a process or instances of an application program may request an allocation of a portion of the non-volatile storage 128 to store information such as, for example, hardware configuration information (e.g., information descriptive of the existence or status of a CPU, core logic chipset, system memory, hard drive, communication adapter(s) or other peripheral devices) and software configuration information (e.g., information descriptive of the existence or status of an operating system, application programs being hosted on the host including versions of application programs and security patch levels associated with the application programs).

According to an embodiment, application program instances or processes executing on the CPU 118 (e.g., application program instance 120) may issue commands to the OS independent agent 116 through a command interface 114. The access driver 122 may transmit commands from the application program instances or processes to the OS independent agent 116 through the command interface 114 using predefined buffers in system memory 16 (FIG. 1) which are outside the domain of the OS 118. In an embodiment in which the OS independent agent 116 is executed by a microcontroller independently of the CPU 112 (e.g., embedded in the communication adapter 20), for example, the command interface 114 may be implemented in a memory mapped I/O interface (e.g., according to the PCI local bus specification).

Remote application program instances or processes (e.g., application program instances or processes executing external to the processing platform 100) may also issue commands to the OS independent agent 116 encapsulated as in-band messages received at the communication adapter 20. After being received at the communication adapter 20, the encapsulated commands may be stored in a predefined buffer in the system memory to be retrieved by the OS independent agent 116. Alternatively, in an embodiment in which the OS independent agent 116 is executed on a microcontroller on the communication adapter 20 independently of the CPU 112, the remote applications or processes may transmit commands to the OS independent agent 116 in out-of-band messages. In other embodiments, the application program 120 may transmit commands to the OS independent agent 116 hosted on the microcontroller encapsulated in outbound packets transmitted to the communication adapter 20. The communication adapter 20 may recognize the outbound packets as commands to be provided to the OS independent agent 116 hosted on the microcontroller and provide the encapsulated commands accordingly. In one example, the communication adapter 20 may comprise an auxiliary bus to transmit portions of the outbound packets to the microcontroller for processing as described in U.S. Pat. No. 6,385,211.

FIG. 3 illustrates interactions between an OS independent agent 216 andapplication programs or processes according to an embodiment of the OSindependent agent 116 shown in FIG. 2. An application program instance202 may exist in the domain of the operating system 118 and maycommunicate with the OS independent agent 116 through the commandinterface 114. Application program instances 204 and 206 may existoutside of the domain and control of the operating system 118 (e.g., maybe executed on an external processing system or a processing threadexecuting independently of a processing thread executing the operatingsystem 118). Accordingly, either of these application program instancesmay communicate with the OS independent agent 116 through the commandinterface 114 (e.g., if the application program instance is executed onan independent thread of the CPU 112) or through the communicationadapter 20 (e.g., if the application program instance is executed on anexternal processing system).

According to an embodiment, the application program instance 202 mayregister its existence with a storage manager 224 to obtain a handle (orunique identifier) to be used in communicating with the storage manager224. This registration process may occur according to a predefinedprotocol in which the application program instance 202 providesidentification information such as a vendor name, application name,enterprise name and UUID. The storage manager 224 may then generate thehandle using, for example, a hash algorithm (e.g., SHA-1) based upon theinformation provided by the requesting application program instance 202.The handle may then be used in future communications between theapplication program instance 202 and the storage manager 224.

Following the registration process with the storage manager 224, the application program instance 202 may request an allocation of an allocatable portion of the non-volatile storage 228 by transmitting an Allocate Block command to the OS independent agent 216 using the handle generated in the aforementioned registration process. In addition to including the handle, the Allocate Block command may include information such as a size of memory allocation of the non-volatile storage 228 requested. Upon receipt of the Allocate Block command, the storage manager 224 may associate the handle (in the received Allocate Block command) with information in ACD 226 for determining whether the request may be fulfilled.

According to an embodiment, following the allocation of a portion of the non-volatile storage 228 to the application program instance 202, the application program instance 202 may provide additional commands to the storage manager 224 for granting read-only or read/write access rights for the allocated portion of non-volatile storage 228 to other processes or application programs. The storage manager 224 may then control access to the allocated portion of the non-volatile storage 228 accordingly. In the presently illustrated embodiment, for example, the application program instance 202 may provide a command to the storage manager 224 for granting read-only or read/write access rights to either of the application program instances 204 or 206. In one example, the application program instance 202 may also periodically update hardware and/or software configuration information in the allocated portion of the non-volatile storage 228 by transmitting Write Block commands to the storage manager 224. Either of the application program instances 204 or 206 may then access the updated configuration information by transmitting a Read Block request to the storage manager 224.

In another example, the application program instance 204 may comprise a management console application executed externally and transmit commands to the storage manager 224 through the communication adapter 20 (FIG. 1). The management console application may enable remote management of the computing platform 100 in an enterprise information technology environment. Also, the management console application may have write access to a portion of the non-volatile storage allocated to application program instance 202 and provide updates (e.g., security patches) to a version of the associated application program currently being hosted on the computing platform 100.

In another example, the application program instance 206 may comprise an OS recovery application enabling restoration of a system state of a computing platform in the event of a system crash. Operating independently of the operating system 118, the storage manager 224 may enable the application program instance 206 to read the updated configuration information in the allocated portion of non-volatile storage 228 regardless of whether the operating system 118 is executing. If the OS independent agent 216 is executing independently of the CPU 112 (e.g., on a microcontroller or microprocessor embedded in the communication adapter 20), the storage manager 224 may also enable the application program instance 204 or 206 to remotely read the updated configuration information regardless of whether the computing platform 100 is in a full power state. Alternatively, application program instance 204 or 206 may write information (e.g., updated configuration information, patches, etc.) to an allocated portion of the non-volatile storage 228 when the computing platform 100 is in a reduced power state. Upon restoration of the computing platform 100 to a full power state (e.g., including a reset procedure), the application program 202 may retrieve the stored information from the allocated portion of the non-volatile storage 228 (e.g., as part of a power up script).

To control the allocation of the allocatable portion of non-volatile storage 228, the storage manager 224 may maintain one or more data structures of the ACD 226 in a memory (e.g., a portion of non-volatile storage 228 that is not to be allocated to application program instances but used to store the data structures used to manage the non-volatile storage 228). An application registration list (ARL) may maintain a list of each currently registered instance as identified by the handle generated for the instance in the registration process. A factory partner allocation control list (FPACL) may maintain a record of each application program associating the application program with its factory application identifier and a maximum total allocation permitted for the application program. A partner allocation control list (PACL) may maintain a record of each registered application program instance associated with a partner application program that has allocated a portion of the non-volatile storage 228 (e.g., as identified in the FPACL). Similarly, a non-partner allocation control list (NACL) may maintain a record of each application program instance which is not associated with a partner application program that has allocated a portion of the non-volatile storage 228. A record in the PACL or NACL may associate the handle of a registered application program instance with a maximum allocation and the current allocation for that application program instance. An allocated block list (ABL) may identify blocks of the non-volatile storage 228 which are allocated to each of the registered instances. The record in the ABL may associate information with the allocated block such as a block handle, size and base address in the non-volatile storage 228.

FIG. 4 shows a flow diagram illustrating how the storage manager 224 may process allocation requests from the application program instance 202 following the aforementioned registration procedure (e.g., to assign a handle to the requesting application program instance). An Allocate Block command requesting an allocation of a block of non-volatile storage 228 may be received from an application program instance at block 302. The received Allocate Block command may include information such as the handle of the requesting application program instance and a requested size of a storage block in non-volatile storage 228.

At diamond 304, the storage manager 224 may determine whether the requesting application program instance is associated with a partner or non-partner application program (e.g., associated with either a partner vendor or non-partner vendor). For example, diamond 304 may compare the handle of the received Allocate Block command with entries in the PACL to find a match with a partner application instance (e.g., having already received an allocation of storage as indicated in the PACL). If no match is found with entries in the PACL, diamond 304 may compare the handle of the received Allocate Block command with entries in the FPACL to associate the handle with a partner application program.

In the illustrated embodiment, the entries in the FPACL establish a predefined maximum size of storage to be allocated to any one partner application program instance and global data establishes a predefined maximum size of storage to be allocated to any one non-partner application program instance. Accordingly, depending on whether the Allocate Block command is from a partner or non-partner application program instance, diamonds 308 and 307 may determine whether the amount of storage requested would exceed the maximum permitted for the application program instance. If the Allocate Block command is from a partner application program instance, for example, diamond 308 may determine whether the requested allocation added to the current storage allocated to the partner application program instance (e.g., as indicated in a corresponding record of the PACL) would exceed the maximum permitted for any one partner application program instance. Similarly, if the Allocate Block command is from a non-partner application program instance, diamond 307 may determine whether the requested allocation added to the current storage allocated to the non-partner application program instance (e.g., as indicated in a corresponding record of the NACL) would exceed the maximum permitted for any one non-partner application program instance. In any case, if the requested allocation would exceed the maximum permitted for the requesting application program instance, the request would be rejected at block 306 with the rejection indicated in a reply message returned to the requesting application program instance 202.

If allocation of the requested amount of storage space would not exceed the maximum amount permitted for a requesting partner instance, diamond 310 may determine whether there is sufficient space in non-volatile storage 228 reserved for partner application program instances to be allocated to the requesting application program instance. If so, block 316 may allocate the requested storage block, and update the corresponding record in the PACL to indicate the current allocation size, with the success indicated in a reply message returned to the requesting application program instance 202.

Diamond 312 may determine whether there is sufficient space in the portion of non-volatile storage 228 available for allocation to non-partner application program instances if there is not sufficient space in the portion of non-volatile storage 228 reserved for partner application program instances to accommodate an allocation request from a partner application program instance. Diamond 312 may also determine whether there is sufficient space in the portion of non-volatile storage available for allocation to non-partner application program instances for any request from a non-partner application program instance as determined at diamond 308. Upon diamond 312 determining that there is sufficient space to grant the request, block 318 may allocate the requested space, update the corresponding record in either the PACL or NACL to indicate the current allocation size, with the success indicated in a reply message returned to the requesting application program instance 202. Otherwise, the request may be rejected at block 314 with the rejection indicated in a reply message returned to the requesting application program instance 202.
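The registration step and the FIG. 4 decision flow can be modelled as follows; this is an added illustration, not code from the patent. The pool sizes, the `StorageManager` class, the `(vendor, app)` key used to match a handle to an FPACL entry, and the length-prefixed field encoding are all assumptions. A handle hashed only from identification fields can be recomputed by anyone who knows those fields, so it identifies an instance rather than authenticating it.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sizes in bytes; the page gives no figures.
NON_PARTNER_MAX = 4096   # global cap for any one non-partner instance
PARTNER_POOL = 16384     # space reserved for partner instances
SHARED_POOL = 8192       # space open to non-partners and partner overflow


def make_handle(vendor, app, enterprise, uuid):
    """Derive a 40-hex-digit handle from the registration fields with SHA-1."""
    digest = hashlib.sha1()
    for part in (vendor, app, enterprise, uuid):
        data = part.encode("utf-8")
        # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
        digest.update(len(data).to_bytes(4, "big") + data)
    return digest.hexdigest()


@dataclass
class StorageManager:
    fpacl: dict                                 # (vendor, app) -> max per partner instance
    arl: dict = field(default_factory=dict)     # handle -> (vendor, app)
    pacl: dict = field(default_factory=dict)    # partner handle -> current allocation
    nacl: dict = field(default_factory=dict)    # non-partner handle -> current allocation
    abl: list = field(default_factory=list)     # (block handle, owner, size, base address)
    partner_used: int = 0
    shared_used: int = 0

    def register(self, vendor, app, enterprise, uuid):
        handle = make_handle(vendor, app, enterprise, uuid)
        self.arl[handle] = (vendor, app)
        return handle

    def allocate(self, handle, size):
        """Process one Allocate Block command; returns (status, detail)."""
        if handle not in self.arl or not isinstance(size, int) or size <= 0:
            return ("rejected", "unregistered handle or invalid size")
        key = self.arl[handle]
        partner = key in self.fpacl                                # diamond 304
        acl = self.pacl if partner else self.nacl
        limit = self.fpacl[key] if partner else NON_PARTNER_MAX
        current = acl.get(handle, 0)
        if current + size > limit:                                 # diamonds 308 / 307
            return ("rejected", "exceeds per-instance maximum")    # block 306
        if partner and self.partner_used + size <= PARTNER_POOL:   # diamond 310
            pool, base = "partner", self.partner_used              # block 316
            self.partner_used += size
        elif self.shared_used + size <= SHARED_POOL:               # diamond 312
            pool, base = "shared", PARTNER_POOL + self.shared_used # block 318
            self.shared_used += size
        else:
            return ("rejected", "insufficient space")              # block 314
        acl[handle] = current + size
        self.abl.append((len(self.abl), handle, size, base))
        return ("allocated", pool)
```

Because partner requests that overflow the reserved pool fall through to diamond 312, a partner instance can consume space that a later non-partner request would otherwise have received.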

An application program instance having received an allocation of a block of storage may conditionally share access to an allocated block with other application program instances or processes. If shared access is desired, the application program instance may initiate subsequent commands to the storage manager 224 for granting read-only or read/write access rights to the allocated block to other application program instances or processes. Upon receiving these commands, the storage manager 224 may define “permission groups” associated with an allocated block identifying other program instances or processes having either read-only or read/write access rights to the allocated block. The storage manager 224 may maintain a permissions group list (PGL) data structure having a record for each allocated block including a block handle, information to identify one or more permission groups and information specifying the type of rights granted to the application instances or processes in the identified group. Separately, for each permission group, the storage manager may maintain a group member list (GML) data structure listing each instance or process which is a member of the permission group (e.g., identified by the handle associated with the instance or process).
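A sketch of how the PGL and GML might back the Read Block and Write Block checks, added here as an illustration and not taken from the patent. The `PermissionStore` class, the handle strings and the choice to scope each group to its block (so that reusing a group name on another block cannot add members to the first) are assumptions.

```python
from dataclasses import dataclass, field

READ, WRITE = "read", "write"
RIGHTS = {"read-only": {READ}, "read/write": {READ, WRITE}}


@dataclass
class PermissionStore:
    owners: dict                                # block handle -> owning instance handle (from the ABL)
    pgl: dict = field(default_factory=dict)     # block handle -> {group id: rights label}
    gml: dict = field(default_factory=dict)     # (block handle, group id) -> set of member handles

    def grant(self, caller, block, group, rights, members):
        """Handle a grant command; only the instance holding the block may issue it."""
        if self.owners.get(block) != caller:
            raise PermissionError("caller does not hold this block")
        if rights not in RIGHTS:
            raise ValueError("rights must be 'read-only' or 'read/write'")
        self.pgl.setdefault(block, {})[group] = rights
        # Keying the member list by (block, group) keeps a group name reused
        # by another owner from widening access to this block.
        self.gml.setdefault((block, group), set()).update(members)

    def allowed(self, caller, block, op):
        """Decide a Read Block (op='read') or Write Block (op='write') request."""
        if block not in self.owners or op not in (READ, WRITE):
            return False                        # unknown block or operation: deny
        if self.owners[block] == caller:
            return True                         # the holder keeps full access
        for group, rights in self.pgl.get(block, {}).items():
            if caller in self.gml.get((block, group), ()) and op in RIGHTS[rights]:
                return True
        return False                            # default deny
```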

FIG. 5 shows processes interacting with a storage manager according to an embodiment of the computing platform shown in FIGS. 2 and 3. A managed client 404 may execute under the domain of an operating system (not shown) and communicate with an OS independent agent 406 through buffers defined in system memory (not shown) outside of the domain of the operating system. The managed client 404 may obtain access rights to a portion of non-volatile storage 402 as discussed above and grant access rights to that portion to a management console application program 408. A local storage application program 410 of the managed client 404 may store hardware or software configuration information in the allocated portion of non-volatile storage 402. Using the communication protocol stack of blocks 438, 434 and 436, a console schema application 428 may communicate with the OS independent agent 406 for read access of the stored configuration information. Similarly, a remote storage application 430 may use the communication protocol stack of blocks 438, 434 and 436 to write data to the allocated portion of the non-volatile storage 402 (e.g., to provide a security patch to the managed client 404).

While there has been illustrated and described what are presently considered to be example embodiments of the present invention, it will be understood by those skilled in the art that various other modifications may be made, and equivalents may be substituted, without departing from the true scope of the invention. Additionally, many modifications may be made to adapt a particular situation to the teachings of the present invention without departing from the central inventive concept described herein. Therefore, it is intended that the present invention not be limited to the particular embodiments disclosed, but that the invention include all embodiments falling within the scope of the appended claims.

1-28. (canceled)
 29. A method comprising: hosting an operating system on a computing platform, the computing platform comprising a non-volatile storage; receiving a message from an external process over a data transmission medium, the external process to communicate with the computing platform over the data transmission medium; controlling at least one of read-only and read/write access to at least a portion of the nonvolatile memory in response to the received message independently of the operating system, the portion of the non-volatile memory allocated to an application program instance; maintaining a data structure comprising a plurality of records, each record being associated with a respective application program instance and comprising information representative of a maximum sub portion allocation of an allocatable portion; and granting access rights to a portion of the maximum subportion allocation to other application program instances in response to a command from the application program instance.
 30. The method of claim 29, further comprising: determining, independently of the operating system and regardless of whether the operating system is running, in a reduced power state, or disabled, allocation of a reserved portion of the portion of the non-volatile storage in response to the command from the application program instance.
 31. The method of claim 29, further comprising: executing the operating system on a first processing thread of a central processing unit in the computing platform; and executing the access to the at least a portion of the non-volatile storage in response to the received message on a second processing thread of the central processing unit.
 32. The method of claim 29, further comprising: executing the operating system on a central processing unit of the computing platform; and executing the access to the at least a portion of the non-volatile storage in response to the received message on one of a microprocessor and a microcontroller of the computing platform independently of the central processing unit.
 33. The method of claim 29, further comprising: hosting one or more instances of application programs in a domain of the operating system; and allocating a portion of the nonvolatile memory device for use by at least one of the one or more instances of application programs up to a predetermined maximum size associated with the instance of the application program.
 34. The method of claim 29, further comprising: enabling the one or more application programs in a domain of the operating system to store at least one of hardware and software configuration data in a predetermined portion of the non-volatile storage.
 35. The method of claim 34, further comprising: at least one of read-only and read/write accessing at least a portion of the configuration data stored in the non-volatile storage in response to a request received at the communication adapter independently of the operating system.
 36. The method of claim 29, further comprising: identifying an instance of an application program based upon a registration request message received from the communication adapter, the registration request message comprising an identifier associated with the application program; and generating a unique identifier associated with the instance of the application program based upon information in the registration request message.
 37. The method of claim 36, wherein the agent further comprises logic to allocate a portion of the non-volatile memory to a registered application in response to an allocation request message received over the data transmission medium.
 38. A computing platform comprising: a host processing system comprising a central processing unit to host an operating system; a communication adapter to at least one of transmit data to and receive data from a data transmission medium; a non-volatile storage; and an operating system independent agent, executable independently of the operating system, to control at least one of read-only and read/write access to at least a portion of the non-volatile storage device by an external process in response to requests received at the communication adapter, the external process to communicate with the computing platform through the communication adapter over the data transmission medium, the portion of the non-volatile storage device allocated to an application program instance, the agent to maintain a data structure comprising a plurality of records, each record being associated with a respective application program instance and comprising information representative of a maximum sub portion allocation of the allocatable portion, the agent to grant access rights to a portion of the maximum subportion allocation to other application program instances in response to a command from the application program instance.
 39. The computing platform of claim 38, wherein the agent to determine, independently of the operating system and regardless of whether the operating system is running, in a reduced power state, or disabled, allocation of a reserved portion of the portion of the non-volatile storage in response to the command from the application program instance.
 40. The computing platform of claim 38, wherein the agent is hosted by a processing thread of the central processing unit executing independently of the operating system.
 41. The computing platform of claim 38, wherein the host processing system hosts one or more instances of application programs in a domain of the operating system and the agent comprises logic to allocate a portion of the non-volatile memory device for use by an instance of an application program up to a predetermined maximum allocation size associated with the instance of the application program.
 42. The computing platform of claim 38, wherein the host processing system hosts one or more instances of application programs in a domain of the operating system and the agent comprises logic to enable the one or more instances of application programs to store at least one of hardware and software configuration data in a predetermined portion of the non-volatile storage.
 43. The computing platform of claim 42, wherein the agent further comprises logic to enable the external process at least one of read-only and read/write access to at least a portion of the configuration data stored in the non-volatile storage in response to requests received at the communication adapter independently of the operating system.
 44. The computing platform of claim 43, wherein the agent comprises: logic to identify an instance of an application program based upon a registration request message received from the communication adapter, the registration request message comprising an identifier associated with the application program; and logic to generate a unique identifier associated with the instance of the application program based upon information in the registration request message.
 45. The computing platform of claim 45, wherein the agent further comprises logic to allocate a portion of the non-volatile memory to a registered instance of an application program in response to an allocation request message received from the communication adapter.
 46. The computing platform of claim 38, wherein the host processing system hosts one or more processes executed independently of the operating system.
 47. A computing platform comprising: a host processing system comprising: a central processing unit to host an operating system; a non-volatile storage; and an operating system independent agent executable independently of the operating system to control at least one of read-only and read/write access to at least a portion of the non-volatile storage device by an external process in response to requests received at the communication adapter, the external process to communicate with the computing platform through the communications adapter over the data transmission medium, the portion of the non-volatile storage device allocated to an application program instance, the agent to maintain a data structure comprising a plurality of records, each record being associated with an instance of an application program, the agent to grant access rights to a portion of the maximum subportion allocation to other application program instances in response to a command from the application program instance.
 48. The computing platform of claim 47, wherein the agent to determine, independently of the operating system and regardless of whether the operating system is running, in a reduced power state, or disabled, allocation of a reserved portion of the portion of the non-volatile storage in response to the command from the application program instance.